NetApp SnapCenter Server vulnerabilities

6 known vulnerabilities affecting netapp/snapcenter_server.

Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 4, MEDIUM 2

Vulnerabilities

CVE-2017-15515 | MEDIUM | CVSS 4.8 | CWE-79 | fixed in 4.0 | Versions prior to 4.0 | 2019-03-04
NetApp SnapCenter Server prior to 4.0 is susceptible to a cross-site scripting vulnerability that could allow a privileged user to inject arbitrary scripts into the custom secondary policy label field.
Sources: cvelistv5, nvd

CVE-2018-5482 | MEDIUM | CVSS 5.3 | CWE-311 | fixed in 4.1 | Versions prior to 4.1 | 2019-03-04
NetApp SnapCenter Server prior to 4.1 does not set the secure flag for a sensitive cookie in an HTTPS session which can allow the transmission of the cookie in plain text over an unencrypted channel.
Sources: cvelistv5, nvd

CVE-2017-15519 | HIGH | CVSS 7.2 | CWE-287 | ≥ 2.0, ≤ 3.0.1 | 2018-03-06
Versions of SnapCenter 2.0 through 3.0.1 allow unauthenticated remote attackers to view and modify backup related data via the Plug-in for NAS File Services. All users are urged to move to version 3.0.1 and perform the mitigation steps or upgrade to 4.0 following the product documentation.
Sources: nvd

CVE-2017-15516 | HIGH | CVSS 8.8 | CWE-352 | v1.1, v2.0, +1 more | 2017-11-16
NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability which could be used to cause an unintended authenticated action in the user interface.
Sources: cvelistv5, nvd

CVE-2015-7887 | HIGH | CVSS 8.1 | CWE-284 | v1.0 | 2017-08-07
NetApp SnapCenter Server 1.0 allows remote authenticated users to list and delete backups.
Sources: nvd

CVE-2016-1502 | HIGH | CVSS 7.3 | CWE-287 | v1.0 | 2017-02-07
NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication and then list and delete backups via unspecified vectors.
Sources: nvd